SPG Law is inviting customers of Cathay Pacific to visit its website at cathaydatabreach.com (they were obviously quick off the draw setting that up…)

What shocked many people about the Cathay Pacific data breach is the months and months it took for the company to announce publicly that it had suffered a data breach.

In its announcement last week of a “data security event”, the airline revealed that it had first detected “suspicious activity” on its network in March 2018 and confirmed that there had been unauthorized access to personal information in early May 2018.

But never fear, SPG Law (and no doubt other law firms) are offering to apply some pressure on Cathay Pacific to cough up some compensation.

SPG Law, which is the newly-launched UK division of US law firm Sanders Phillips Grossman, estimates that each affected traveller may be able to claim thousands of dollars against Cathay Pacific, and notes that the airline may be failing to fulfil its requirements under GDPR by not offering any financial compensation for European individuals who suffer direct financial losses or non-material damage.

Group actions against hacked companies are a regular sight in the United States, but are relatively new here in the UK.

My hunch is that while big organisations continue to suffer serious security breaches, we’ll continue to see opportunistic law firms helping the public receive some compensation (and skimming off a tidy sum for themselves, of course).

Businesses may be well-minded to consider that fact when they dawdle for months over disclosing a data breach.

About the author, Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.